By product:

By company:

Malware In Cars

Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; that is the
basic injustice. The developers and manufacturers often exercise
that power to the detriment of the users they ought to serve.

This typically takes the form of malicious functionalities.

If you know of an example that ought to be in this page but isn't
here, please write
to <[email protected]>
to inform us. Please include the URL of a trustworthy reference or two
to serve as specific substantiation.

The FordPass Connect feature of some Ford vehicles has
near-complete access to the internal car network. It is constantly
connected to the cellular phone network and sends Ford a lot of data,
including car location. This feature operates even when the ignition
key is removed, and users report that they can't disable it.

If you own one of these cars, have you succeeded in breaking the
connectivity by disconnecting the cellular modem, or wrapping the
antenna in aluminum foil?

GM did not get users' consent, but it could have got that easily by
sneaking it into the contract that users sign for some digital service
or other. A requirement for consent is effectively no protection.

The cars can also collect lots of other data: listening to you,
watching you, following your movements, tracking passengers' cell
phones. All such data collection should be forbidden.

But if you really want to be safe, we must make sure the car's
hardware cannot collect any of that data, or that the software
is free so we know it won't collect any of that data.

While remotely allowing car “owners” to use the
whole battery capacity did not do them any harm, the same back
door would permit Tesla (perhaps under the command of some
government) to remotely order the car to use none of its battery. Or
perhaps to drive its passenger to a torture prison.

This is in addition to the fact that the car contains a cellular
modem that tells big brother all the time where it is. If you own
such a car, it would be wise to disconnect the modem so as to turn
off the tracking.

That's easy to do because the system has no authentication
when accessed through the modem. However, even if it asked
for authentication, you couldn't be confident that Nissan
has no access. The software in the car is proprietary, which means
it demands blind faith from its users.

Even if no one connects to the car remotely, the cell phone modem
enables the phone company to track the car's movements all the time;
it is possible to physically remove the cell phone modem, though.

Tesla cars allow the company to extract
data remotely and determine the car's location
at any time. (See Section 2, paragraphs b and c of the
privacy statement.) The company says it doesn't store this
information, but if the state orders it to get the data and hand it
over, the state can store it.

The case of toll-collection systems, mentioned in this article,
is not really a matter of proprietary surveillance. These systems
are an intolerable invasion of privacy, and should be replaced with
anonymous payment systems, but the invasion isn't done by malware. The
other cases mentioned are done by proprietary malware in the car.